References

General Guides and Cheat Sheets for Windows Privilege Escalation

Here’s a consolidated list of resources, guides, and cheat sheets to assist security professionals in understanding and exploiting Windows privilege escalation techniques. Each resource provides detailed methodologies and tools for different aspects of privilege escalation.


General Guides

  1. Microsoft Documentation on icacls: Learn how to modify and view Access Control Lists (ACLs) on Windows systems.

  2. Privilege Escalation Windows - Philip Linghammar: Comprehensive coverage of Windows privilege escalation techniques.

  3. Windows Elevation of Privileges - Guifre Ruiz: Detailed examination of privilege escalation techniques used in Windows environments.

  4. The Open Source Windows Privilege Escalation Cheat Sheet by amAK.xyz and @xxByte: Community-driven cheat sheet consolidating numerous techniques.

  5. Windows Privilege Escalation Fundamentals: Essential concepts and strategies in Windows privilege escalation.

  6. TOP 10 Ways to Boost Your Privileges in Windows Systems - Hackmag: A concise article outlining effective privilege escalation techniques.

  7. Windows Privilege Escalation Guide - Absolomb's Security Blog: Comprehensive guide covering various privilege escalation scenarios.


Advanced Techniques and Specific Vulnerabilities

  1. Abusing DiagHub - xct: Exploits the Microsoft Diagnostics Hub for privilege escalation.

  2. Weaponizing Privileged File Writes with the USO Service - itm4n: Exploits Windows Update Service for file write vulnerabilities.

  3. Abusing SeLoadDriverPrivilege for Privilege Escalation - Oscar Mallo: Discusses exploiting driver loading privileges for EoP.

  4. Abusing Arbitrary File Deletes to Escalate Privilege - Simon Zuckerbraun: Explores privilege escalation through file deletion vulnerabilities.

  5. Giving JuicyPotato a Second Chance: JuicyPotatoNG: Updates and new methods for using JuicyPotato for EoP.

  6. Hacking Trick: Environment Variable $Path Interception: Techniques involving environment variable manipulation for EoP.


Workshop and Presentation Resources

  1. Local Privilege Escalation Workshop - @sagishahar: A presentation covering techniques and strategies for local privilege escalation.

  2. Windows Exploitation Tricks - James Forshaw, Project Zero: Techniques for exploiting file writes and other vulnerabilities.

  3. Alternative Methods of Becoming SYSTEM - Adam Chester: Unconventional techniques for achieving SYSTEM privileges.


Pentestlab.blog Series

A series of detailed posts covering different privilege escalation techniques:

  • WPE-01: Stored Credentials

  • WPE-02: Windows Kernel

  • WPE-03: DLL Injection

  • WPE-04: Weak Service Permissions

  • WPE-05: DLL Hijacking

  • WPE-06: Hot Potato

  • WPE-07: Group Policy Preferences

  • WPE-08: Unquoted Service Path

  • WPE-09: Always Install Elevated

  • WPE-10: Token Manipulation

  • WPE-11: Secondary Logon Handle

  • WPE-12: Insecure Registry Permissions

  • WPE-13: Intel SYSRET



Living Off The Land Binaries and Scripts (LOLBAS)

LOLBAS Project: Catalogs Microsoft-signed binaries and scripts that can be abused for unintended actions.


Conclusion

These resources provide a comprehensive knowledge base for understanding and exploiting privilege escalation in Windows systems. They are invaluable for penetration testers, red teamers, and security professionals aiming to identify and mitigate privilege escalation vulnerabilities.
